Why Iran Hacks

Fourth in a series on the motivations that compel nation-states to hack.

The timing of the invitation from Speaker of the U.S. House of Representatives John Boehner to Israeli Prime Minister Benjamin Netanyahu to address a joint session of the U.S. Congress couldn’t be better for a discussion on Iranian cyber capabilities. Putting internal U.S. politics aside, the event represents a continuing effort by Netanyahu to alert the world to the dangers of a nuclear-armed Iran. As with Iran’s desire to attain nuclear weapons, its history of bad cyber behavior is part of an Iranian strategic effort to establish Iran as a hegemon in the Middle East.

To understand the motivation behind Iran’s goal of regional dominance, it’s helpful to consider the relationship between Iran and the United States, as well as Iran’s relationship with its Islamic neighbors in and around the Arabian Peninsula.

A quick review of recent history reveals an extremely sensitive relationship between the U.S. and Iran. Since the Iranian Revolution in 1979, Iran and the U.S. have been in a constant state of diplomatic tension which has extended to a kind of military brinksmanship. Over the decades following the revolution, the U.S. has maintained a visible and proactive military presence in the region, exclusive of the Iraq Wars, in order to demonstrate its resolve to keep the Persian Gulf (or the Arabian Gulf, depending upon your perspective) open to trade.

At the same time, Iran has tried to demonstrate its dominance in the region by posing a constant threat to control, if not deny, access to the Persian Gulf. I can attest to the significant military tension in the region from my experience flying off of aircraft carriers in the Gulf, and transiting through the Straits of Hormuz. This aggressive relationship between the U.S. and Iran has become a symbol of Western meddling in the region from the point of view of Iran. This perspective is similar to China’s view of the U.S. presence in East Asia, although, in my opinion, the Chinese context is more related to economics. The Iranian perspective is partly economic as the country has a rich supply of natural resources (e.g. oil and natural gas). But it is also impacted by theology, the second motivation behind Iran’s cyber activity.

Shifting demographics
Islamic demographics in the region can be a little confusing, particularly as we watch the evolution of the Islamic State in Syria and Iraq. Until the rise of Al Qaeda and now ISIL (or ISIS, or whatever they’re calling themselves), Iran was the face of Islam in the Middle East. Ironically, the majority of the Iranian population practices Shia Islam while the majority of Muslims globally practice Sunni Islam. The distinction is significant because enmity between the two sects is one of the root causes of the persistent tension in the region. Historically, the Sunni Islamic countries like Saudi Arabia, Kuwait, Jordan, Egypt, and Iraq before the first Gulf War, have been aligned with the West (represented by the U.S.) both economically and militarily. Those alliances have created tension between Iran and its Sunni neighbors. We have seen that tension manifest itself as Iran continues to extend its influence in eastern Iraq and Yemen.

If Iran is to successfully establish itself as the dominant power in the Middle East, it must minimize Western influence in the region and increase its influence over its neighbors. To do that, Iran must disrupt the military and economic influence of Western countries that maintain a presence in the region, and at the same time it must destabilize those regional Sunni governments friendly to the West. As Iran continues to leverage the threat of nuclear weapons in the kinetic world, it is actively converting threat to action in the cyber domain to achieve its regional objectives.

Until recently, Iranian cyber capability wasn’t considered particularly exceptional. But shortly after the Stuxnet attack, largely attributed to the U.S. and Israel, Iran initiated a focused effort to ramp up its cyber capability. Some experts believe that Iran has closed the cyber capability gap with countries like the U.S. and Russia. The recent Cylance report on Iranian cyber operations identified a number of nations against which Iran has successfully conducted cyber espionage and/or established persistent presence in networks related to critical infrastructure and key resources (CIKR). Interestingly, China is on the list along with a number of U.S. allies including Canada, Saudi Arabia, Qatar, Kuwait, and the United Arab Emirates, to name a few. Note the focus on Sunni states friendly to the U.S.

The North Korean Connection
Lest we believe that Iran operates in the cyber domain with pure strategic intentions, we should also note that like North Korea, Iran lashes out in response to perceived insults by conducting cyberattacks on alleged offenders. Iranian activists are reportedly responsible for a destructive attack on Las Vegas Sands Corporation in February 2014, in response to CEO Sheldon Adelson’s comments about detonating a nuclear bomb in Iran.

At the risk of appearing cliché, axis-of-evil states tend to flock together. In September 2012, Iran signed an extensive cooperative technology agreement with North Korea. The partnership provides an opportunity for collaboration on information, security and development of technology programs between the two nations. The technology agreement, coupled with focused attacks on CIKR in South Korea by Iran, strongly suggests a cyber alliance with North Korea. This partnership may also explain why the relatively unsophisticated North Koreans were able to carry out such a devastating attack on Sony Pictures.

As the Islamic State and Yemen dominate the headlines in the coming weeks, Prime Minister Netanyahu’s address to Congress will be a stern reminder of another, and perhaps more significant, threat in the region: the perils of a nuclear-armed Iran. I wonder if the problem will be resolved in the cyber domain.